Full Stack Developer. Wannabe Entrepreneur.

Why Custom User Providers?

At my current job all the database systems are managed by DB admins and the developers have to connect to the database via web services. We do not connect to the databases directly. This allows for better separation of concerns and allows experts to focus on their respective specialties. But if you are programming a Symfony2 app, that means you don’t get to use Doctrine or any other ORM, which in turn means you create your own models/entities.

When you want to develop the authentication parts of your new app you will quickly find that there is plenty of documentation for Doctrine/ORM based apps, but if you are using your own custom models then you run into pages like this one. (when I finish this post I will submit an article to the docs and see if they approve it)UPDATE: Someone beat me to it, there is now a good tutorial in the Symfony docs for custom user providers.

So, after a few hours of googling-reading-tinkering I figured out how to use the Symfony authentication system with my own custom models. Keep in mind I am still new to Symfony2, so many of these concepts will be beginner level.

Your User Entity

For this example, I am assuming you are using custom entities for your project. I have created a custom User entity to manage users in my application. It extends a base class that handles most of the getting, setting and the calls to my database REST service, but that is optional depending on how you setup your own entities.

eraseCredentials() which is used to erase sensitive data from the session object

equals(UserInterface $user) which is used to make sure the right user is authenticated

You will need to define all of these functions to correctly load your users from your web-service (or however you are doing it). Once you have all the required function defined, you are ready to move on to the User Provider Service.

The User Provider

To use your own custom entities in Symfony2 authentication, you will need to have a basic understanding of Symfony services and the Symfony authentication system. Read those links if you haven’t yet. To reiterate what the user provider is, from the docs:

In Symfony2, users can come from anywhere – a configuration file, a database table, a web service, or anything else you can dream up. Anything that provides one or more users to the authentication system is known as a “user provider”. Symfony2 comes standard with the two most common user providers: one that loads users from a configuration file and one that loads users from a database table.

Again, since we are NOT using doctrine, we will create our own User Provider as a service in Symfony. Based on the documentation, it seems that the best place to put this is in YourBundle/Security folder.

refreshUser() – I don’t completely understand the purpose of this function yet. I will update when I do.

supportsClass() – A check to see if a certain type of user class is supported, in our case we use our custom user class definition

I also added a constructor that takes a UserInterface object and stores it in a property when initialized. This will be done as a symfony service.

Configuration

The final step is to create the configuration for your newly build User Provider and User Entity. First, we must add our new entity and provider as a symfony service in our bundle’s service configuration in YourBundle/Resources/config/services.xml :

I define two parameters with the name of my custom user class and my custom provider class. I then add two services, one for the user entity, and the other for the user provider class. One thing to note is that I actually pass the user entity service as an argument to the provider service when initialized.

And lastly, you need to update your security configuration for your application. Here is my configuration with form-based validation: